Vulnerability Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

Divya — Fri, 08 Nov 2024 06:15:17 +0000

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability in Palo Alto Networks’ Expedition tool, which could lead to severe security breaches. The vulnerability, CVE-2024-5910, is classified as a “Missing Authentication” flaw that potentially allows attackers with network access to take control of an Expedition admin account. According to CISA’s […]

The post CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

Divya — Thu, 07 Nov 2024 12:28:08 +0000

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 that could allow remote, unauthenticated attackers to access sensitive information. This vulnerability, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), is due to improper storage of sensitive information within the web […]

The post Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cisco Flaw Let Attackers Run Command as Root User

Divya — Thu, 07 Nov 2024 06:03:54 +0000

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. This flaw tracked as CVE-2024-20418 enables unauthenticated, remote attackers to perform command injection attacks and execute arbitrary commands as the root user on the underlying operating system of the affected devices. Vulnerability Details – […]

The post Cisco Flaw Let Attackers Run Command as Root User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Azure API Management Vulnerabilities Let Attackers Escalate Privileges

Divya — Wed, 06 Nov 2024 09:53:27 +0000

Recent discoveries by Binary Security have revealed critical vulnerabilities in Azure API Management (APIM) that could allow attackers with minimal privileges to escalate their access and take full control over the APIM service. These vulnerabilities were reported to Microsoft, leading to some fixes. However, certain issues remain unresolved, exposing many users unless they manually disable legacy API […]

The post Azure API Management Vulnerabilities Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google Patches High-Severity Vulnerabilities in Chrome

Divya — Wed, 06 Nov 2024 08:55:15 +0000

Google has released a new update for its Chrome browser, addressing two high-severity vulnerabilities. The Stable channel has now been updated to version 130.0.6723.116/.117 for Windows and Mac and version 130.0.6723.116 for Linux. The update will be rolled out to users over the next few days or weeks, and a complete list of changes is available in the Chrome […]

The post Google Patches High-Severity Vulnerabilities in Chrome appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google Patched 40 Security Vulnerabilities Along With Two Zero-Days

Divya — Tue, 05 Nov 2024 07:24:06 +0000

Google has released a batch of security updates addressing 40 vulnerabilities, two of which are critical zero-day exploits. As reported in the November 2024 Android Security Bulletin, these updates are crucial for maintaining the integrity and safety of Android devices worldwide. The November 5, 2024, security patch is designed to tackle a broad spectrum of […]

The post Google Patched 40 Security Vulnerabilities Along With Two Zero-Days appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

Aman Mishra — Mon, 04 Nov 2024 12:32:59 +0000

A security researcher discovered a vulnerability in Windows theme files in the previous year, which allowed malicious actors to steal Windows users’ credentials. When a theme file specifies a network path for specific properties, like the brand image or wallpaper, Windows automatically sends authenticated network requests to remote hosts, including the user’s NTLM credentials. This […]

The post New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Okta Verify Agent for Windows Flaw Let Attackers Steal User Passwords

Divya — Mon, 04 Nov 2024 10:14:54 +0000

A newly discovered vulnerability in Okta’s Device Access features for Windows could allow attackers to steal user passwords on compromised devices. The flaw affecting the Okta Verify agent for Windows specifically concerns how the software interacts with OktaDeviceAccessPipe, a component that handles passwordless multi-factor authentication (MFA) logins. The flaw could enable malicious actors to retrieve […]

The post Okta Verify Agent for Windows Flaw Let Attackers Steal User Passwords appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

MediaTek High Severity Vulnerabilities Let Attackers Escalate Privileges

Divya — Mon, 04 Nov 2024 08:58:29 +0000

In its recent MediaTek Product Security Bulletin, the chipmaker disclosed two high-severity security vulnerabilities that affect multiple devices, including smartphones, tablets, AIoT (Artificial Intelligence of Things), smart displays, and more. The vulnerabilities could allow attackers to escalate their privileges on affected devices, leading to unauthorized access and control. The vulnerabilities were identified and assessed using […]

The post MediaTek High Severity Vulnerabilities Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google Chrome Security, Critical Vulnerabilities Patched

Divya — Wed, 30 Oct 2024 06:05:17 +0000

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions of users worldwide. The latest Stable channel update, version 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux will be rolled out over the coming days and weeks. This update extends to the Extended Stable channel with version 130.0.6723.92 for […]

The post Google Chrome Security, Critical Vulnerabilities Patched appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.